I'm new here. Need some advice on the site-to-site VPN.
My organization is using an MX84 as our firewall and we have 2 WANs.
Currently, we are using WAN 1 (Metro-E with fixed IP) to establish a site-to-site VPN to 2 remote sites (both using Cisco ASA).
We are adding a new remote site, and I'm planning to have the new site use an MX64 to leverage the AutoVPN features. As the new site is going to use a lot of traffic (CCTV), I want to use WAN 2 (High speed broadband) for this tunnel.
Is this going to work? Just want to make sure before proceeding with the purchase.
*Only HQ needs to be able to see the remote sites. The remote sites don't need to see each other.
Yes, the solution will work, but keep in mind the MX64 supports only 50 users' live traffic. If the user count goes beyond this, you might face latency issues.
Also, since you are new to Meraki technology, you need to be aware of Meraki Auto VPN.
An Auto VPN tunnel will work only between different networks under the same organization, so it will work only if you put your Meraki MX under the same organization; otherwise it will communicate as with other Non-Meraki VPN peers, which don't have SD-WAN functionality, and this is what we generally use when we don't have a Meraki MX on both sides.
So go ahead with the order after checking your user count and the maximum bandwidth supported in the data sheet.
Thanks for the reply.
The 50 users means 50 devices, right? 30 CCTVs, 3 servers, 4 workstations, 2 switches will be counted as 39 users?
I want to use WAN 2 (High speed broadband) for this tunnel.
Hi @rafiejo. When using AutoVPN, by default the MX will attempt to establish a VPN tunnel on every interface it has available. However, you can change this behavior, or control which tunnel is used to send traffic over, on the Security & SD-WAN > SD-WAN & Traffic shaping configuration page.
More information on how to configure all this can be found in this KB article:
It's a bit confusing since we are going to have non-Meraki VPN and AutoVPN.
As far as I know, non-Meraki VPN will only work on the WAN1 primary uplink. And we planned to have:
This rule only applies to AutoVPN, right? But there is no option to prefer the secondary uplink.
I guess we just need to create the rule here?